Diploma Thesis Santiago Gómez Sáez - IAAS
Diploma Thesis Santiago Gómez Sáez - IAAS
Diploma Thesis Santiago Gómez Sáez - IAAS
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
4.2. Multi-tenancy<br />
Communication in, and from the ESB must be multi-tenant aware. We divide the required<br />
isolation between tenants into the following sub-requirements:<br />
• Tenant-aware messaging: messages received in the ESB and routed between the tenantaware<br />
endpoints should be enriched with tenant and user information.<br />
• Tenant-aware endpoints: in ServiceMix-mt tenants pack a common endpoint configuration<br />
packed in a SU, which is then deployed as a SA in ServiceMix-mt’s JBI container<br />
[Sá12]. The multi-tenant aware BC dynamically modify the endpoint’s URL by injecting<br />
tenant context in it. In a database system in our scenario we do not have only tenants as<br />
the main actors, but also the different users which can access a tenant’s database. Therefore,<br />
the tenant-aware endpoints should be dynamically created by injecting tenant and<br />
user information in the endpoint’s URL. Furthermore, we must ensure tenant and user<br />
authentication in the system.<br />
• Tenant-aware routing and context: the deployment of tenant-aware endpoints should<br />
be followed by the creation of a tenant-aware context. Resources involved in a routing<br />
operation from one consumer endpoint to one provider endpoint can be shared between<br />
different tenants, but they must manage the routing operations in different tenant-aware<br />
contexts. The routing operations between two endpoints must identity the tenant and<br />
user who initiated the routing.<br />
• Tenant configuration isolation: configuration data persisted in our system should be<br />
isolated between tenants. A tenant’s endpoint configuration data contains sensible<br />
information which identifies and allows access to the tenant’s backend data stores.<br />
• Tenant-aware correlation: in a request-response operations, the response obtained from<br />
the backend data store must be correlated with the tenant’s request to the system, and<br />
ensure that one tenant does not receive responses from another tenant’s request.<br />
4.2.2. Storage Requirements<br />
Due to the fact that our system does not primarily requires multi-tenant aware storage<br />
support, but we rely on multi-tenant aware storage systems in the Cloud, we summarize the<br />
main requirements for isolating data between tenants in database systems.<br />
Curino et al. identify as a primary requirement for a Cloud provider offering a DBaaS model<br />
security and privacy [CJZ + 10]. A system running multiple database servers and each server<br />
multiple database instances must contain the necessary meta-data to provide tenant-aware<br />
routing in the system, and ensure that one tenant can only access the information in his<br />
database instance. Furthermore, privacy of stored data between tenants can be ensure by<br />
encrypting all tuples [CJP + 11]. Curino et al. introduce CryptDB, a subsystem of a relational<br />
Cloud which provide data encryption and unencryption functionalities for persisting data,<br />
and for accessing data via SQL queries which are not aware of the encrypted storage mechanism<br />
in the system. However, it is known that the key challenge in managing encrypted data<br />
in the Cloud is doing it efficiently.<br />
39